The Ypsilon Group is supporting the global real estate company Jamestown in the implementation of the European regulation DORA (Digital Operational Resilience Act). The aim of the mandate is to implement the regulatory requirements for digital operational resilience in a practical way and to further develop existing governance, documentation and control processes in compliance with DORA.
As part of the mandate, Ypsilon Jamestown supports the implementation of a gap analysis, the development of regulatory documentation, as well as training and the further development of governance, documentation and reporting processes in the area of so-called ICT third-party management, strategic management and risk monitoring of external technology service providers. In particular, the focus is on the regulatory assessment of IT and communications service providers, the definition of critical business processes and the implementation of new requirements for governance and reporting processes.
Christian Eder, Managing Director of Ypsilon Consulting GmbH & Co. KG at the Ypsilon Group, says: “Many companies are currently looking for pragmatic solutions that fit their organization and efficiently implement regulatory requirements. In doing so, we see ourselves not only as a technical consultant, but also as a sparring partner in the organizational implementation.”
DORA takes a much more comprehensive and systematic approach to dealing with digital risks. “The focus is no longer just on individual technical security measures, but on the resilience of central business processes, responsibilities and outsourced ICT structures. In the future, companies will have to take a much more integrated view of technical, organizational and regulatory requirements,” Eder continues.
Challenge especially for small and medium-sized enterprises
A particular challenge is to implement regulatory requirements in a practical way and proportionally to the size of the company. “Medium-sized financial companies in particular need pragmatic solutions that are resilient from a regulatory point of view and at the same time operationally feasible. This is not only about additional documentation, but also about clear responsibilities and practicable processes,” Eder explains.
DORA significantly expands the previous requirements for outsourcing management and brings the management of ICT third parties more into the regulatory focus, from cloud providers to smaller external IT partners. At the same time, the demands on technology and software providers whose solutions support central business processes of regulated financial companies are also increasing. Among other things, companies must maintain information registers, identify critical business processes and implement new requirements for contracts, emergency processes and reporting obligations.
With this mandate, Ypsilon is further expanding its advisory expertise in the field of regulatory advisory and financial services. The company advises financial market players on regulatory issues relating to governance, IT compliance, outsourcing management and digital resilience, among other things.
The European regulation DORA has been in force for regulated financial entities since the beginning of 2025 and significantly expands the requirements for digital resilience, ICT risk management and the management of external ICT service providers. Among others, capital management companies, banks, insurance companies and other financial market players are affected.
